366589 matches found
CVE-2021-22965
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device...
CVE-2021-28550 Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...
CVE-2024-12571 Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'slengine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2023-0600 WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi
The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...
CVE-2022-30647 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Illustrator versions 26.0.2 and earlier and 25.4.5 and earlier are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2021-44701 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this...
CVE-2021-40728 Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution
Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...
CVE-2021-40726 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is...
CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...
CVE-2021-40438 mod_proxy SSRF
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...
CVE-2022-28271 Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Photoshop versions 22.5.6 and earlierand 23.2.2 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file...
CVE-2021-45064 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this...
CVE-2021-44223
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...
CVE-2021-39226 Snapshot authentication bypass in grafana
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
CVE-2021-22555 Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...
CVE-2020-35452 mod_auth_digest possible stack overflow by one nul byte
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...
CVE-2026-22719 VMware Aria Operations command injection vulnerability
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...
CVE-2022-33965 WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
Multiple Unauthenticated SQL Injection SQLi vulnerabilities in Osamaesh WP Visitor Statistics plugin = 5.7 at WordPress...
CVE-2022-28849 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2022-28842 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2021-28624 Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Adobe Bridge version 11.0.2 and earlier are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...
CVE-2025-7823 Jinher OA ProjectScheduleDelete.aspx xml external entity reference
A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2023-22581 White Rabbit Switch - Unauthenticated remote code execution
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application the default installation makes the webserver run as the root user...
CVE-2021-28553 Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curren...
CVE-2026-20963 Microsoft SharePoint Remote Code Execution Vulnerability
...
CVE-2022-30522 mod_sed denial of service
If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...
CVE-2022-28823 Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Framemaker versions 2029u8 and earlier and 2020u4 and earlier are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2021-39838 Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current use...
CVE-2021-28561 Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...
CVE-2021-28632 ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curren...
CVE-2021-32462
Trend Micro Password Manager Consumer version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is...
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...
CVE-2021-40725 Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is...
CVE-2021-39841 Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue...
CVE-2021-39840 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required ...
CVE-2021-28558 Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary cod...
CVE-2021-28551 Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability
Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...
CVE-2021-39839 Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user...
CVE-2021-39836 Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user...
CVE-2021-28560 Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of...
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2025-2010 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection
The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2021-39842 Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
CVE-2021-39837 Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user...
CVE-2021-28554 Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution
Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...